Advanced Encryption Standard. A symmetric-key block cipher developed by Joan Daemen and Vincent Rijmen. It operates on 128-bit blocks and is available with 128-bit, 192-bit, or 256-bit keys.

amplification attack

A method of attack in which the attacker sends relatively few packets and causes third-party systems to generate much larger responses directed at the victim (for example, Smurf or Fraggle attacks).

AnyConnect

Cisco’s secure mobility client solution, supporting full-tunnel VPN. Requires a small client on the workstation, but then tunnels all traffic through the SSL or IPsec tunnel, allowing otherwise nonsecure protocols to be transported and secured.

ASA

Adaptive Security Appliance firewall, such as the ASA 5510 Firewall.

asset

Property (tangible or intangible) that has value to a company; something worth protecting.

asymmetrical

Meaning both sides are not the same (not symmetrical). An asymmetrical encryption algorithm uses one key to encrypt data and a second (and different) key to decrypt the data.

attack severity rating

The amount of damage an attack can cause. It is used as one property of a signature inside of an IPS/IDS system.

audit

A detailed review of a network, system or collection of processes. Accounting is another word that has a similar function: collecting information about the network.

authentication method list

The ordered list of methods to be used for authentication (RADIUS, TACACS+, enable password, Kerberos, line password, or local database). The next method in the list is tried only if the previous one returns an error (for example, the server is unreachable), not when it rejects the user.

authorization method list

The ordered list of methods to be used for authorization (RADIUS, TACACS+, Kerberos, local database, or to pass if already authenticated). Used to specify what the authenticated user is authorized to do.
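The two method lists above as they would be configured on an IOS router, shown here as an added example rather than configuration from the original text. The server name, group name, addresses, shared secret and list names are assumptions chosen for the example.

```cisco
! Enable AAA. Keep an existing console session open while testing: once
! aaa new-model is entered, the default login list applies to all lines.
aaa new-model
!
! RADIUS server definition (address and shared secret are placeholders)
radius server ISE-1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key RadiusSharedSecret-placeholder
!
aaa group server radius RADIUS-GRP
 server name ISE-1
!
! Local fallback account, used only when the RADIUS group returns an error
username admin privilege 15 secret LocalFallback-placeholder
!
! Authentication method list: RADIUS first, local database if RADIUS is unreachable.
! A RADIUS "reject" ends the attempt; it does not fall through to "local".
aaa authentication login VTY-AUTH group RADIUS-GRP local
!
! Authorization method list for EXEC sessions: ask RADIUS; if the servers are
! unreachable, if-authenticated lets an already-authenticated user through.
aaa authorization exec VTY-AUTHZ group RADIUS-GRP if-authenticated
!
! Bind both named lists to the VTY lines (named lists do nothing until applied)
line vty 0 4
 login authentication VTY-AUTH
 authorization exec VTY-AUTHZ
 transport input ssh
```

Verify the behaviour with `debug aaa authentication` and `debug aaa authorization` during a test login; a rejected user should be denied immediately, while stopping the RADIUS server should produce a fallback to the local account.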

C3PL

Cisco Common Classification Policy Language. This promotes the concept of using class maps and policy maps to identify and provide specific treatment for traffic.

CA

Certificate authority. A system that generates and issues digital certificates. This is usually a device that is trusted by both parties using certificates.

class map

The portion of the modular policy framework (MPF) on the ASA, or C3PL on routers and switches, that defines what types of traffic belong to a certain class. Policy maps rely on class maps for the classification of traffic.

class map type inspect

This special type of class map defines specific classes and types of traffic to be used for further inspection in Zone-Based Firewalls on IOS routers.
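A minimal Zone-Based Firewall policy showing how a class map type inspect, a policy map type inspect and a zone pair fit together in C3PL. This is an added example, not configuration from the original text; the zone, class, policy and interface names are assumptions.

```cisco
! Security zones (names are assumptions)
zone security INSIDE
zone security OUTSIDE
!
! class map type inspect: which traffic is selected for inspection.
! match-any means a packet matching any listed protocol belongs to the class.
class-map type inspect match-any INSIDE-TO-OUTSIDE-CLASS
 match protocol http
 match protocol https
 match protocol dns
 match protocol icmp
!
! policy map type inspect: the action applied to each class.
! "inspect" creates stateful sessions so return traffic is allowed back in.
policy-map type inspect INSIDE-TO-OUTSIDE-POLICY
 class type inspect INSIDE-TO-OUTSIDE-CLASS
  inspect
 class class-default
  drop log
!
! The zone pair binds the policy to one direction of traffic.
! No OUTSIDE-to-INSIDE zone pair exists, so unsolicited inbound traffic is dropped.
zone-pair security IN-OUT source INSIDE destination OUTSIDE
 service-policy type inspect INSIDE-TO-OUTSIDE-POLICY
!
interface GigabitEthernet0/0
 zone-member security INSIDE
interface GigabitEthernet0/1
 zone-member security OUTSIDE
```

Check the result with `show policy-map type inspect zone-pair IN-OUT sessions`: established sessions from INSIDE hosts appear there, and the `drop log` counter in class-default shows anything the class map did not match. Remember that traffic between a zone member interface and the router itself uses the implicit self zone and is not covered by this policy.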

clientless SSL VPN

Provides browser-based VPN access, without installing a client, to a limited set of resources that can be carried over TLS, such as internal HTTPS web applications and CIFS file shares presented through the portal over HTTPS.

context-aware security

Security enforcement that takes into account who the user is and what role they hold, in addition to things like interface-based controls. An example is an ACS server providing full access to an administrator who is logged in from their local computer, but restricted access when that same user is logged in through a remote device or a smartphone.

control plane

The logic systems in a device that are responsible for the routing or switching decisions (control). Routing protocols are a prime example.

CRL

Certificate revocation list. Used in a PKI environment to inform clients about certificates that have been revoked by the CA.

custom privilege level

Levels 0, 1 (user EXEC) and 15 (privileged EXEC, reached with enable) are predefined on IOS; levels 2 through 14 are custom privilege levels, to which an administrator assigns specific commands with the privilege command.

data plane

The logic systems in a device that are responsible for the actual movement (post-decision) of information. End users sending traffic to their servers is one example of traffic on the data plane.

DH group

Refers to the Diffie-Hellman exchange, the algorithm used to agree on keys securely, even over an unsecured network connection. Groups identify the modulus length used in the exchange: Group 1 uses a 768-bit modulus, Group 2 a 1024-bit modulus, and Group 5 a 1536-bit modulus. The purpose of the algorithm is to establish a shared secret on both peers without ever transmitting it; symmetric keys for algorithms such as AES are then derived from that secret. Groups 1, 2 and 5 are now considered too weak, and Group 14 (2048-bit) or the elliptic-curve groups are preferred.
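Where the DH group is chosen in practice: an IOS IKEv1 (ISAKMP) policy. The following is an added example, not configuration from the original text, and the peer address and pre-shared key are placeholders. It shows the weak setting beside the corrected one; in a real deployment only the stronger policy would remain.

```cisco
! Weak: Group 2 (1024-bit modulus), shown only for contrast.
! Lower policy numbers are evaluated first, so this one is the fallback.
crypto isakmp policy 20
 encryption aes 256
 hash sha256
 authentication pre-share
 group 2
 lifetime 86400
!
! Corrected: Group 14 (2048-bit modulus); remove policy 20 with
! "no crypto isakmp policy 20" once the peer supports this one.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 86400
!
! Pre-shared key for the peer (address and key are placeholders)
crypto isakmp key PreSharedKey-placeholder address 203.0.113.5
```

After the tunnel comes up, `show crypto isakmp sa detail` reports which policy, and therefore which DH group, the peers agreed on; if the peer only offers group 2, the negotiation falls back to policy 20, which is exactly the condition to look for when auditing VPN strength.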